Open Source Authentication: Security without High Cost. Donald E. Malloy LSExperts May 18 th, 2016
|
|
- Rosanna Allen
- 6 years ago
- Views:
Transcription
1 Open Source Authentication: Security without High Cost Donald E. Malloy LSExperts May 18 th, 2016
2
3 Why the need for Strong Authentication? Fraud continues to skyrocket 10 Million Americans were victims of fraud last year This amounts to over $3.5B of online fraud last year alone Hacking into web sites and stealing passwords continue to be a main focus of fraudsters
4 Cyber Crime A Growing Global Threat What do these companies have in common?
5 com/pin/ /
6
7 Market size & projections The worldwide cybersecurity market estimates range from $75B in to $170B by 2020 Gartner says global IT spending is projected to increase to $170B PwC reports that US information security budgets have grown at almost double the rate of IT budgets over the last two years $1M+ cybersecurity sales to end-users are on the rise; according to FBR & Co. (Arlington, VA IB and M&A advisory firm) they have increased by 40% over last year The only slowdown is due to consolidation and acquisitions
8 Where did we come from? 1961 First computer generated password at MIT
9 Some Statistics In 2015 There were 781 Breaches in all categories: Finance, Government, Healthcare, Education, Business 169,068,506 RECORDS BREACHED # of Breaches = 5,810 Breaches # of records = 847,807,830 Data credit card companies United States represents 27% of world wide credit card volume And anywhere from 46%->50% of the fraud
10
11 Hackers are Everywhere
12 2015: Bigger Breaches, Bigger Failures Premera BlueCross (3/18/2015) 11M Anthem, Inc. (02/05/2015) 80M OPM (06/09/2015) 21.5M + 1.1M fingerprints AshleyMadison.com (07/20/2015) 50M Bank accounts Social Security numbers Social Security numbers addresses Physical addresses Personal names Date and place of birth Social Security numbers Complete background security application Personal names addresses Credit card numbers Physical addresses
13 Trends EMV (Chip and pin) is being rolled out in the US. Last October 2015, the credit card issuing companies implemented liability shift to merchants. Many merchants still not accepting the Chip Card. Fraud will move from POS and onto online transactions as it has in other countries and regions, Europe, UK, Canada. Considering that mobile payment and e- commerce are growing exponentially.online transactions are a huge attraction to fraudsters.
14 Why now? Pressure is mounting to stop the leakage of secure information Rapid growth of attacks (66% CAGR) Information that needs protection is growing Company reputation is at risk Leadership reputation is at risk (it s personal) Customers and partners will demand it PII regulation is coming (already in Europe) Shareholders will demand it to protect profits Strong security is a competitive advantage Expense of managing exposure is no longer negligible
15 Authentication Methods Simple Passwords Challenge Response One time Passwords Public Key Encryption Single Sign On Adaptive Authentication Biometrics Push Technologies SMS H/W Tokens S/W Tokens Bill Gates declared the Password dead in 2004
16 Issues Facing IT Managers
17 The Open Authentication Initiative (OATH) is a group of companies working together to help drive the adoption of open strong authentication technology across all networks. Q1
18 OATH History Created 9 years ago to provide open source strong authentication. It is an industry-wide collaboration that.. Leverages existing standards and creates an open reference architecture for strong authentication which users and service providers can rely upon, and leverage to interoperate. Reduces the cost and complexity of adopting strong authentication solutions. Q1
19 OATH : Background Networked entities face three major challenges today. Theft of or unauthorized access to confidential data. The inability to share data over a network without an increased security risk limits organizations. The lack of a viable single sign-on framework inhibits the growth of electronic commerce and networked operations. Q1
20 OATH : Justification The Initiative for Open Authentication (OATH) addresses these challenges with standard, open technology that is available to all. OATH is taking an all-encompassing approach, delivering solutions that allow for strong authentication of all users on all devices, across all networks. Q1
21 OATH Membership (Partial)
22 OATH Reference Architecture: Establishing common ground Sets the technical vision for OATH 4 guiding principles Open and royalty-free specifications Device Innovation & embedding Native Platform support Interoperable modules v2.0 Risk based authentication Authentication and Identity Sharing Q4
23 Standardized Authentication Algorithms -Open and royalty free specifications -Proven security: reviewed by industry experts -Choice: one size does not fit all HOTP OCRA T-HOTP -Event-based OTP -Based on HMAC, SHA-1 -IETF RFC Based on HOTP -Challenge-response authentication -Short digital signatures -IETF RFC Time-based HOTP -IEF RFC 6238
24 OATH Roadmap CHOICE of AUTHENTICATION METHODS CREDENTIAL PROVISIONING & LIFECYCLE APPLICATION INTEGRATION & ADOPTION - HOTP - OCRA - T-HOTP - PSKC - DSKPP - Certification program - WS Validation - Auth & Identity Sharing work
25 Token Innovation and Choice OTP embedded in credit card OTP soft token on mobile phones HOTP applets on SIM cards and smartcards OTP Token OTP embedded in flash devices Soft OTP Token HOTP 100+ shipping products Multi-Function Token (OTP & USB Smart Card) Q11
26 Certification Program Certification Adoption More products added in Numerous products have been certificated from over 30 companies! HOTP Standalone Client: 14 TOTP Standalone Client: 12 HOTP Validation Server: 11 TOTP Validation Server: 9 org/certification/products 26
27 OATH Review Certification HMAC OTP (HOTP) Time- Based (TOTP) Client OTP API OATH HTML Tags Challenge- Response (OCRA) Provisioning Protocols Portable Symmetric Key Container Token ID Extensions Validation Protocol Thraud Report Token Identifiers Namespace RFC* Complete In progress/draft published 27
28 Work Completed in 2015 Algorithm profile update Proposal and get RFC status Expand the certification program Additional profiles Provisioning server (DSKPP) Software token Test enhancements VALID specification Adoption support and work completion OTP usage with NFC SAML 2.0 OTP authentication URI? 28
29 OATH Authentication Framework 2.0 Authentication Methods HOTP Certificat e Challeng e/ Respons e Time Based Auth entic ation Toke n Token Interface Clien t Appli catio ns Authentication Protocols Provisioning Protocol Validation Framework Applicatio ns (VPN, Web Applicatio n, Etc.) User Store Risk Interface Validation Protocols Risk Evaluation & Sharing Validation Services Token Store Authentication and Identity Sharing Models Provisioning Framework Client Framework Provisioni ng Service Bulk Provisioning Protocols Credentia l Issuer(s) Q4
30 OATH and FIDO WebOATH Client API Draft done in Feb Allow vendors to provide various interoperable plug-ins Allow web applications to control security policy Similar initiative now by FIDO (Feb. 2013) FIDO client biometric or OTP credentials Client and server protocol Next step? Possibly work together? 30
31 Credential Provisioning Token manufacturer offline model Portable Symmetric Key Container standard format (PSKC Internet-Draft) Dynamic real-time model Dynamic Symmetric Key Provisioning Protocol (DSKPP Internet-Draft) OTA provisioning to mobile devices, or online to PC/USB IETF KeyProv WG Current RFC submissions Q5
32 Objectives Understand the full lifecycle support needed for strong authentication integration Learn different approaches to supporting strong authentication in your applications Take away with the best practices for enabling strong authentication in applications
33 Certification Program The OATH Certification Program Intended to provide assurance to customers that products implementing OATH standards and technologies will function as expected and interoperate with each other. Enable customers to deploy best of breed solutions consisting of various OATH certified authentication devices such as tokens and servers from different providers. Introduced 2 Draft Certification Profiles at RSA Tokens HOTP Standalone Client Servers HOTP Validation Server 10 Additional Profiles to be introduced throughout the year
34 Typical Application Scenario Transaction authentication & Signing Log on to Bank s web site Give user name and password Bank sends a challenge number used to create pin User enters number into card and new secure pass code is generated User then submits this new number to the bank s web site Transaction is then authorized by the bank
35 Recommended Validation Framework
36 Why is OTP Still Expensive? More the 50 companies offer One Time Password (OTP) solutions in various types and flavors. Soft tokens Hard tokens Credit Card USB tokens SMS Time based, Event Based, Challenge/response
37 OTP a Commodity? Cost per user has consistently been too high, manufacturers continue to have a business model that overcharges the user. Competition should drive costs down but it hasn t happened until now
38 Modular Design of LinOTP LSE LinOTP is an innovative and flexible OTP platform for strong user authentication. Open Source OTP is available for FREE: All OATH tokens are supported with SVA Smart Virtual Appliance Only cost is for support and maintenance
39 Works Everywhere One Time passwords offer the advantage that they do not require client-side driver. Open, generally accepted algorithms in particular are integrated for OTP generation, Listed in RFC4226 algorithm HMAC-OTP. LinOTP also supports various other open and proprietary token and procedures. The sending of one-time passwords (as mtan) via SMS or is also a function. The optional use of hardware tokens, which calculate the one-time password for the user, can help to increase security further.
40 Open Source Authentication
41 Authentication Integration Architecture Direct authentication integration over standard protocol Plugin based authentication integration
42 Plugin Based Enable two-factor authentication in your existing third party authentication server for user password Your application codes don t need to change Out of box strong authentication support in your existing third party authentication server Integration Connectors available from authentication solution vendors, e.g. RSA, Symantec e.g. CDAS plugin for IBM Access Manager Develop your customized plugin for your existing third party authentication server
43 OATH Timeline Common OTP Algorithm OATH Reference Architecture New HOTP devices - Membership expansion - Public Roadmap release Roadmap Advances - Portable Symmetric Key Container - Challenge-Response Mutual Authentication - Provisioning Protocol OATH Reference Architecture Risk-based Authentication - Authentication Sharing - IETF KeyProv - Interop Demo HOTP A humble beginning! Steady Progress
44 Risk Based Authentication Architecture Risk-based authentication Convenient authentication for low risk transactions Stronger authentication for higher risk transactions OATH will define standardized interfaces Risk Evaluation Sharing fraud information (ThraudReport)
45 Authentication and Identity Sharing Promotes use of single credential across applications Force multiplier! Multiple approaches One size does not fit all Models that leverage identity sharing technologies Kantara, SAML, OpenID, etc. Models to enable sharing of 2 nd factor authentication only Simpler liability models
46 Authentication Sharing Centralized Token Service model Token is validated centrally in the validation service Same token can be activated at multiple sites Easy integration for application web site(s). Can leverage OATH Validation Service work! Q8
47 Authentication Sharing Distributed Validation Model Inspired by DNS Rich set of deployment models Standalone system can join the network by publishing token discovery information There needs to be a central Token Lookup Service. OATH considering developing Token Lookup protocol. Q8
48 Authentication Sharing Credential Wallet Shared device Multiple credentials Credentials are dynamically provisioned onto the device. Leverage OATH Provisioning specifications. Q8
49 Identity Federation & OATH Enables user to use same identity across website(s) Traditional federation (Liberty) User-centric models (OpenID, CardSpace) Single Identity becomes more valuable Needs to protected using strong authentication OATH: promote the user of strong authentication with these technologies!
50 What about Technology beyond Passwords? Adaptive Authentication Biometrics Fingerprint Iris Scan Voice Facial Recognition Biometrics are great but they are irrevocable
51 What about Stronger Passwords? We have more passwords than ever before ave. # of passwords used daily is >25. Passwords attempt to answer the question: is this really you? Knowing what to type doesn t authenticate you. If that worked, fraudsters wouldn t be successful. Behavior analytics confirms who you are. Eventually, you won t have to remember a password at all simply type a phrase, and based on your behavior, will confirm that it is really you. 60% of Internet users have the same password for more than one web account source: Adults Media Use and Attitudes Report 2013 Ofcom
52 The Behavioral Advantage Good Okay Poor Can t be Stolen or Shared Key Attributes Identifies the Person Gradient Results Revocable Nothing to Remember All the Benefits, None of the Drawbacks No PII No Special Equipment Easy to Deploy Low Cost Usability Behavioral Biometric Passwords HW Tokens SW Tokens Fingerprint Facial recognition Iris Scan Voice Recognition
53 The Time is Now for Behavioral Analytics Increase in recommendations by advocates of behavioral analytics -- but what is driving this trend? Security technologies using white list/black list rules or signature-based strategies are failing to block increasingly sophisticated attackers Network activity logs are generated and then ignored because human analysts capable to act on them are not available Attackers are shifting to targeting individuals to trick or coerce them into giving up their usernames and passwords Fraudsters are become increasingly proficient at assembling full data records from partial information stolen in earlier breaches
54 Behavioral Login Using behavior to secure the login, the latest focal point for cyber attacks. Provides security without PII frictionless user experience control over subscription sharing With Nothing Over 300 million records breached in 2014, in the United States alone. source: data-breach.silk.co to possess, or lose (fobs, smartcards) to remember (security questions) to fail (devices/readers, cell phones, etc.)
55 Summary Driving a fundamental shift from proprietary to open solutions! An industry-wide problem mandates an industry wide solution Strong Authentication to stop identity theft across all the networks A reference architecture based on open standards Foster innovation & lower cost Drive wider deployment across users and networks Minimal bureaucracy to get the work done!
56 How to Get Involved Visit the OATH website Download Reference Architecture v2 Download and review draft specifications Engage - contribute ideas, suggestions Review public draft specifications Get involved in developing specifications Become a member! 3 levels - Coordinating, Contributing, Adopting Become an active participant
57 Open Source Implementation RADIUS Client Java C/C++ Authentication Server with OTP Support Radius server Need to add OTP auth plugin Triplesec
58 References and Resources Initiative for Open AuTHentication (OATH) HOTP: An HMAC-Based One-Time Password Algorithm RFC TOTP: Time Based One Time Password Algorithm RFC OCRA: OATH Challenge/Response - RFC OATH Reference Architecture
59 Questions & Answers Thank You!
Open Source Authen.ca.on: Security without High Cost. Donald E. Malloy LSExperts January 27 th, 2016
Open Source Authen.ca.on: Security without High Cost Donald E. Malloy LSExperts January 27 th, 2016 Why the need for Strong Authen.ca.on? Fraud con*nues to skyrocket 10 Million Americans were vic*ms of
More informationInitiative for Open Authentication OATH Interoperability without Sacrificing Security
Initiative for Open Authentication OATH Interoperability without Sacrificing Security Donald E. Malloy, Jr. NagraID Security XCL@B September 7 th 2010 The Open Authentication Reference Architecture (OATH)
More informationOATH : An Initiative for Open AuTHentication
OATH : An Initiative for Open AuTHentication Who Are You Really Doing Business With? 2 Oath Proprietary Confidential The New York Magazine, July 5, 1993, Peter Steiner, The Economic Promise of e-business
More informationSmart Cards and Authentication. Jose Diaz Director, Technical and Strategic Business Development Thales Information Systems Security
Smart Cards and Authentication Jose Diaz Director, Technical and Strategic Business Development Thales Information Systems Security Payment Landscape Contactless payment technology being deployed Speeds
More informationEXPERIENCE SIMPLER, STRONGER AUTHENTICATION
1 EXPERIENCE SIMPLER, STRONGER AUTHENTICATION 2 Data Breaches are out of control 3 IN 2014... 783 data breaches >1 billion records stolen since 2012 $3.5 million average cost per breach 4 We have a PASSWORD
More informationwhite paper SMS Authentication: 10 Things to Know Before You Buy
white paper SMS Authentication: 10 Things to Know Before You Buy SMS Authentication white paper Introduction Delivering instant remote access is no longer just about remote employees. It s about enabling
More informationA Layered Approach to Fraud Mitigation. Nick White Product Manager, FIS Payments Integrated Financial Services
A Layered Approach to Fraud Mitigation Nick White Product Manager, FIS Payments Integrated Financial Services Session Agenda Growing Fraud Concerns Old Habits Die Hard Maneuvering through the Barriers
More informationAuthentication Technology for a Smart eid Infrastructure.
Authentication Technology for a Smart eid Infrastructure. www.aducid.com One app to access all public and private sector online services. One registration allows users to access all their online accounts
More informationITU-T SG 17 Q10/17. Trust Elevation Frameworks
ITU-T SG 17 Q10/17 Trust Elevation Frameworks Abbie Barbir, Ph.D. ITU-T SG 17 Q10 Rapporteur Martin Euchner SG 17 Advisor ITU Workshop on "Future Trust and Knowledge Infrastructure July 1 2016 Contents
More informationAXIAD IDS CLOUD SOLUTION. Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure
AXIAD IDS CLOUD SOLUTION Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure Logical Access Use Cases ONE BADGE FOR CONVERGED PHYSICAL AND IT ACCESS Corporate ID badge for physical
More informationEBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS
EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS HOW SECURE IS YOUR VPN ACCESS? Remote access gateways such as VPNs and firewalls provide critical anywhere-anytime connections to the networks
More informationWho What Why
Who What Why Board Members Sponsors Associates To Change Authentication Online by: (a) Developing unencumbered Specifications that define interoperable mechanisms that supplant reliance on passwords (b)
More informationAuthentication Methods
CERT-EU Security Whitepaper 16-003 Authentication Methods D.Antoniou, K.Socha ver. 1.0 20/12/2016 TLP: WHITE 1 Authentication Lately, protecting data has become increasingly difficult task. Cyber-attacks
More informationModern two-factor authentication: Easy. Affordable. Secure.
Modern two-factor authentication: Easy. Affordable. Secure. www.duosecurity.com Your systems and users are under attack like never before The last few years have seen an unprecedented number of attacks
More informationSafelayer's Adaptive Authentication: Increased security through context information
1 Safelayer's Adaptive Authentication: Increased security through context information The password continues to be the most widely used credential, although awareness is growing that it provides insufficient
More informationIntegrated Access Management Solutions. Access Televentures
Integrated Access Management Solutions Access Televentures Table of Contents OVERCOMING THE AUTHENTICATION CHALLENGE... 2 1 EXECUTIVE SUMMARY... 2 2 Challenges to Providing Users Secure Access... 2 2.1
More informationWhite Paper. The Impact of Payment Services Directive II (PSD2) on Authentication & Security
White Paper The Impact of Payment Services Directive II (PSD2) on Authentication & Security First Edition June 2016 Goode Intelligence All Rights Reserved Published by: Goode Intelligence Sponsored by:
More informationEXPERIENCE SIMPLER, STRONGER AUTHENTICATION
1 EXPERIENCE SIMPLER, STRONGER AUTHENTICATION 2 Data Breaches are out of control 3 IN 2014... 708 data breaches 82 million personal records stolen $3.5 million average cost per breach 4 We have a PASSWORD
More informationhidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION
HID ActivOne USER FRIENDLY STRONG AUTHENTICATION We understand IT security is one of the TOUGHEST business challenges today. HID Global is your trusted partner in the fight against data breach due to misused
More informationHow Next Generation Trusted Identities Can Help Transform Your Business
SESSION ID: SPO-W09B How Next Generation Trusted Identities Can Help Transform Your Business Chris Taylor Senior Product Manager Entrust Datacard @Ctaylor_Entrust Identity underpins our PERSONAL life 2
More informationMeeting FFIEC Meeting Regulations for Online and Mobile Banking
Meeting FFIEC Meeting Regulations for Online and Mobile Banking The benefits of a smart card based authentication that utilizes Public Key Infrastructure and additional mechanisms for authentication and
More informationMaintaining Trust: Visa Inc. Payment Security Strategy
Maintaining Trust: Visa Inc Payment Security Strategy Ellen Richey 2010 Payments Conference Chicago Federal Reserve Global Electronic Payments Protecting the payment system is a shared responsibility among
More informationThe security challenge in a mobile world
The security challenge in a mobile world Contents Executive summary 2 Executive summary 3 Controlling devices and data from the cloud 4 Managing mobile devices - Overview - How it works with MDM - Scenario
More informationJrsys Mobile Banking Solutions
Jrsys Mobile Banking Solutions Jrsys International corp. James Wu Mobile PKI solutions 1.Mobile CA 2.Mobile RA 3.Mobile Signing and Validation Service CA Mobile Signature/ Encryption Mobile PKI Mobile
More informationPasswords Are Dead. Long Live Multi-Factor Authentication. Chris Webber, Security Strategist
Passwords Are Dead Long Live Multi-Factor Authentication Chris Webber, Security Strategist Copyright 2015 Centrify Corporation. All Rights Reserved. 1 Threat Landscape Breach accomplished Initial attack
More informationSOLUTION BRIEF RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK
RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK KEY BENEFITS AT A GLANCE Ensure your journey to the cloud is secure and convenient, without compromising either. Drive business agility
More informationUsing Biometric Authentication to Elevate Enterprise Security
Using Biometric Authentication to Elevate Enterprise Security Biometric authentication in the enterprise? It s just a matter of time Mobile biometric authentication is officially here to stay. Most of
More informationAccess Management Handbook
Access Management Handbook Contents An Introduction 3 Glossary of Access Management Terms 4 Identity and Access Management (IAM) 4 Access Management 5 IDaaS 6 Identity Governance and Administration (IGA)
More informationKeep the Door Open for Users and Closed to Hackers
Keep the Door Open for Users and Closed to Hackers A Shift in Criminal Your Web site serves as the front door to your enterprise for many customers, but it has also become a back door for fraudsters. According
More informationNew Paradigms of Digital Identity:
A Telefonica White Paper New Paradigms of Digital Identity: Authentication and Authorization as a Service (AuthaaS) February 2016 1. Introduction The concept of identity has always been the key factor
More informationFIDO Alliance: Standards-based Solutions for Simpler, Strong Authentication
FIDO Alliance: Standards-based Solutions for Simpler, Strong Authentication Jeremy Grant Managing Director, Technology Business Strategy Venable LLP jeremy.grant@venable.com @jgrantindc Digital: The Opportunity
More informationRSA Solution Brief. Providing Secure Access to Corporate Resources from BlackBerry. Devices. Leveraging Two-factor Authentication. RSA Solution Brief
Providing Secure Access to Corporate Resources from BlackBerry Devices Leveraging Two-factor Authentication Augmenting the BlackBerry Enterprise Solution BlackBerry devices are becoming ubiquitous throughout
More informationTowards a uniform solution to identity theft
Towards a uniform solution to identity theft November 2006 (V2.1) Lockstep Technologies www.lockstep.com.au Everybody s talking about identity theft. And many banks and other institutions are doing something
More informationA NEW MODEL FOR AUTHENTICATION
All Rights Reserved. FIDO Alliance. Copyright 2016. A NEW MODEL FOR AUTHENTICATION ENABLING MORE EFFICIENT DIGITAL SERVICE DELIVERY Jeremy Grant jeremy.grant@chertoffgroup.com Confidential 5 The world
More informationMobile Security / Mobile Payments
Mobile Security / Mobile Payments Leslie K. Lambert CISSP, CISM, CISA, CRISC, CIPP/US, CIPP/G VP, Chief Information Security Officer Juniper Networks Professional Techniques - Session T23 MOBILE SECURITY
More informationLinQ2FA. Helping You. Network. Direct Communication. Stay Fraud Free!
LinQ2FA Stay Fraud Free! Helping You Direct Communication Secure to your Your customers Network LINQ2FA Stay Fraud Free! Enhance your security against cyber fraud with Two Factor Authentication Suitable
More informationSecuring Personal Mobile Device Access to Enterprise IT and Cloud Assets with Strong Authentication
Securing Personal Mobile Device Access to Enterprise IT and Cloud Assets with Strong Authentication Strong Authentication is the Foundation for Securing Mobile Access Executive Summary The consumerization
More informationAre You Flirting with Risk?
Are You Flirting with Risk? RSA Live Webcast October 15, 2013 Jessica Stanford Sr. Product Marketing Manager, RSA Authentication 1 2 3 4 5 RSA AUTHENTICATION MANAGER 8.0 Agenda Password Problem Market
More informationYubico with Centrify for Mac - Deployment Guide
CENTRIFY DEPLOYMENT GUIDE Yubico with Centrify for Mac - Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as a critical component
More informationSecure Government Computing Initiatives & SecureZIP
Secure Government Computing Initiatives & SecureZIP T E C H N I C A L W H I T E P A P E R WP 700.xxxx Table of Contents Introduction FIPS 140 and SecureZIP Ensuring Software is FIPS 140 Compliant FIPS
More informationhidglobal.com Still Going Strong SECURITY TOKENS FROM HID GLOBAL
Still Going Strong SECURITY TOKENS FROM HID GLOBAL Contents Protecting Identities and sensitive data 03 Defining the Right Approach 05 HID Global Authentication Devices 06 HID Global Authentication Ecosystem
More informationManaging Trust in e-health with Federated Identity Management
ehealth Workshop Konolfingen (CH) Dec 4--5, 2007 Managing Trust in e-health with Federated Identity Management Dr. rer. nat. Hellmuth Broda Distinguished Director and CTO, Global Government Strategy, Sun
More informationWhitepaper on AuthShield Two Factor Authentication with SAP
Whitepaper on AuthShield Two Factor Authentication with SAP By AuthShield Labs Pvt. Ltd Table of Contents Table of Contents...2 1.Overview...4 2. Threats to account passwords...5 2.1 Social Engineering
More informationAuthentication. Katarina
Authentication Katarina Valalikova @KValalikova k.valalikova@evolveum.com 1 Agenda History Multi-factor, adaptive authentication SSO, SAML, OAuth, OpenID Connect Federation 2 Who am I? Ing. Katarina Valaliková
More informationOnline Banking Security
Online Banking Security Fabian Alenius Uwe Bauknecht May 17, 2009 Contents 1 Introduction 2 2 Secure Communication 2 2.1 Password authentication..................... 2 2.2 One-time Passwords.......................
More informationExploring the potential of Mobile Connect: From authentication to identity and attribute sharing. Janne Jutila, Head of Business Development, GSMA
Exploring the potential of Mobile Connect: From authentication to identity and attribute sharing Janne Jutila, Head of Business Development, GSMA Fragility of passwords No matter what you tell them, users
More informationSmart Payments. Generating a seamless experience in a digital world.
Smart Payments Generating a seamless experience in a digital world www.infineon.com/payment Trends Rising need for security The trends highlighted opposite are heightening the need for security and performance,
More informationRelated Labs: Introduction to Universal Access and F5 SAML IDP (Self-paced)
PRESENTED BY: Related Labs: Introduction to Universal Access and F5 SAML IDP (Self-paced) One of the main problems that customers face with the adoption of SaaS and cloud-based apps is how to deliver the
More informationMoser Baer Group 25 years of excellence
Moser Baer Group 25 years of excellence Introduction to the Moser Baer Group Established in 1983 25 years legacy as India s leading technology manufacturing company 8,000 Employees Rs11,000 Crores in Assets
More informationWHITE PAPER AUTHENTICATION YOUR WAY SECURING ACCESS IN A CHANGING WORLD
WHITE PAPER AUTHENTICATION YOUR WAY SECURING ACCESS IN A CHANGING WORLD Imagine that you re a CISO in charge of identity and access management for a major global technology and manufacturing company. You
More informationPaystar Remittance Suite Tokenless Two-Factor Authentication
Paystar Remittance Suite Tokenless Two-Factor Authentication Introduction Authentication is the process by which a computer system positively identifies a user It is commonly considered to be one of the
More informationAre You Flirting with Risk?
Are You Flirting with Risk? A Review of RSA Authentication Manager 8.x Platform 1 2 3 RSA AUTHENTICATION Agenda MANAGER 8.0 Password Problem The Ultimate Authentication Engine Market overview {Speaker}
More informationSECURING CORPORATE ASSETS WITH TWO FACTOR AUTHENTICATION
SECURING CORPORATE ASSETS WITH TWO FACTOR AUTHENTICATION Introduction Why static passwords are insufficient Introducing two-factor Authentication Form Factors for OTP delivery Contact information OTP generating
More informationCracking the Access Management Code for Your Business
White Paper Security Cracking the Access Management Code for Your Business As the digital transformation expands across your business, delivering secure access to it has made a modern identity and access
More informationSurvey Guide: Businesses Should Begin Preparing for the Death of the Password
Survey Guide: Businesses Should Begin Preparing for the Death of the Password Survey Guide: Businesses Should Begin Preparing for the Death of the Password The way digital enterprises connect with their
More informationDeprecating the Password: A Progress Report. Dr. Michael B. Jones Identity Standards Architect, Microsoft May 17, 2018
Deprecating the Password: A Progress Report Dr. Michael B. Jones Identity Standards Architect, Microsoft May 17, 2018 The password problem Alpha-numeric passwords are hard for humans to remember and easy
More informationPublic Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman
Public Key Infrastructure PKI National Digital Certification Center Information Technology Authority Sultanate of Oman Agenda Objectives PKI Features etrust Components Government eservices Oman National
More informationDIGITAL IDENTITY TRENDS AND NEWS IN CHINA AND SOUTH EAST ASIA
DIGITAL IDENTITY TRENDS AND NEWS IN CHINA AND SOUTH EAST ASIA 1 SECURING DIGITAL IDENTITY THE KEY TO ASIA S VAST POTENTIAL IN E-COMMERCE We are living through an exciting time for digital commerce in Asia.
More informationAN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP
AN IPSWITCH WHITEPAPER The Definitive Guide to Secure FTP The Importance of File Transfer Are you concerned with the security of file transfer processes in your company? According to a survey of IT pros
More informationThe Role of PNT in Cybersecurity Location-based Authentication
The Role of PNT in Cybersecurity Location-based Authentication Dr. Michael O Connor November 14, 2013 Satelles is a Division of ikare Corporation What do we mean by Authentication? Authentication is the
More informationTrusted Computing Group
Trusted Computing Group Backgrounder May 2003 Copyright 2003 Trusted Computing Group (www.trustedcomputinggroup.org.) All Rights Reserved Trusted Computing Group Enabling the Industry to Make Computing
More informationSxS Authentication solution. - SXS
SxS Authentication solution. - SXS www.asseco.com/see SxS Single Point of Authentication Solution Asseco Authentication Server (SxS) is a two-factor authentication solution specifically designed to meet
More informationPut Identity at the Heart of Security
Put Identity at the Heart of Security Strong Authentication via Hitachi Biometric Technology Tadeusz Woszczyński Country Manager Poland, Hitachi Europe Ltd. 20 September 2017 Financial security in the
More informationKuppingerCole Whitepaper. by Dave Kearns February 2013
KuppingerCole Whitepaper by Dave Kearns February 2013 KuppingerCole Whitepaper Using Information Stewardship within by Dave Kearns dk@kuppingercole.com February 2013 Content 1. Summary... 3 2. Good information
More informationOTP and Challenge/Response Algorithms for Financial and e-government Identity Assurance: Current Landscape and Trends
WP WP ActivIdentity OTP and Challenge/Response Algorithms for Financial and e-government Identity Assurance P 1 WHITE PAPER OTP and Challenge/Response Algorithms for Financial and e-government Identity
More informationRestech. User Security AVOIDING LOSS GAINING CONFIDENCE IN THE FACE OF TODAY S THREATS
Restech User Security AVOIDING LOSS GAINING CONFIDENCE IN THE FACE OF TODAY S THREATS Your presenter: Vince Gremillion, CISSP 30+ years technical and customer service experience Founder/Co-Owner RESTECH
More informationPSD2 Compliance - Q&A
PSD2 Compliance - Q&A Q: How do hardware-based solutions such as OTP tokens provide dynamic linking with single transactions? In general, users can enter payment information such as the amount of money
More informationProtect Yourself Against VPN-Based Attacks: Five Do s and Don ts
White Paper Protect Yourself Against VPN-Based Attacks: Five Do s and Don ts Don t let stolen VPN credentials jeopardize your security March 2015 A TECHTARGET WHITE PAPER Most IT professionals take for
More informationSolution. Imagine... a New World of Authentication.
A Solution Imagine... a New World of Authentication. Imagine a World Where Passwords can t be hacked People can t share credentials Users can t pretend to be someone else Where authentication is more Secure
More informationUniversal Representation of a Consumer's Identity Is it Possible? Presenter: Rob Harris, VP of Product Strategy, FIS
Universal Representation of a Consumer's Identity Is it Possible? Presenter: Rob Harris, VP of Product Strategy, FIS Topics Consumer identity why it is important How big a problem is identity fraud? What
More informationWi-Fi Security for Next Generation Connectivity. Perry Correll Aerohive, Wi-Fi Alliance member October 2018
Perry Correll Aerohive, Wi-Fi Alliance member October 2018 1 Value of Wi-F1 The value Wi-Fi provides to the global economy rivals the combined market value of Apple Inc. and Amazon. The fact that Wi-Fi
More informationBlackBerry 2FA. Datasheet. BlackBerry 2FA
Datasheet BlackBerry 2FA BlackBerry 2FA The Challenge: Critical enterprise systems especially cloud services are more exposed than ever before because of the growing threat of cybercrime. Passwords alone
More informationAccount Takeover: Why Payment Fraud Protection is Not Enough
Cybercrime Protection Account Takeover: Why Payment Fraud Protection is Not Enough Mustafa Rassiwala, ThreatMetrix, Inc. April 2014 1 Agenda 1. Customer Accounts Blessing or Curse? 2. Passwords Weakest
More informationGDPR How we can help. Solvit Networks CA. ALL RIGHTS RESERVED.
GDPR How we can help Solvit Networks 01.11.2017 2016 CA. ALL RIGHTS RESERVED. GDPR The facts The General Data Protection Regulation (GDPR) applies to all companies trading in the EU and processing personal
More informationPSD2 webinar session - Q&A
PSD2 webinar session - Q&A Q: How does hardware based solutions such as OTP tokens will provide dynamic linking with single transactions? In general, users can enter payment information, such as the amount
More informationDefender 5: The Right Way to Prove, Identify and Establish Trust
Defender 5: The Right Way to Prove, Identify and Establish Trust Introduction Before the Internet, business transactions were typically conducted face-to-face, so establishing your business partner s identity
More informationNEVIS Smart Solutions against sophisticated attackers
NEVIS Smart Solutions against sophisticated attackers Stephan Schweizer NEVIS Product Manager March 2016 1 AdNovum at a Glance Enterprise-scale software and security solutions Founded in 1988, privately
More informationLing Hsieh 謝姈諺 Deputy Sales Manager/ Marketing Department
Ling Hsieh 謝姈諺 Deputy Sales Manager/ Marketing Department Changing Information Tech. Top 1 branded cyber security company focus on PKI & MOTP among domestic and foreign brands. YoY growth is over 100%
More informationINNOVATIVE IT- SECURITY FOR THE BANKING AND PAYMENT INDUSTRY
INNOVATIVE IT- SECURITY FOR THE BANKING AND PAYMENT INDUSTRY Verisec is a Swedish IT-security company specialized in digital identity and information security solutions for the banking and payments industry.
More informationBusiness White Paper IDENTITY AND SECURITY. Access Manager. Novell. Comprehensive Access Management for the Enterprise
Business White Paper IDENTITY AND SECURITY Novell Access Manager Comprehensive Access Management for the Enterprise Simple, Secure Access to Network Resources Business Driver 1: Cost Novell Access Manager
More informationMeeting the requirements of PCI DSS 3.2 standard to user authentication
Meeting the requirements of PCI DSS 3.2 standard to user authentication Using the Indeed Identity products for authentication In April 2016, the new PCI DSS 3.2 version was adopted. Some of this version
More informationIDCore. Flexible, Trusted Open Platform. financial services & retail. Government. telecommunications. transport. Alexandra Miller
IDCore Flexible, Trusted Open Platform financial services & retail enterprise > SOLUTION Government telecommunications transport Trusted Open Platform Java Card Alexandra Miller >network identity >smart
More informationHow. Biometrics. Expand the Reach of Mobile Banking ENTER
How Biometrics Expand the Reach of Mobile Banking ENTER Table of Contents 01 The Mobile Banking Opportunity 02 What s Suppressing Mobile Adoption? 03 Onboarding Challenges: Proving One s Identity 04 Authentication
More informationLecture 9 User Authentication
Lecture 9 User Authentication RFC 4949 RFC 4949 defines user authentication as: The process of verifying an identity claimed by or for a system entity. Authentication Process Fundamental building block
More informationFujitsu World Tour 2016
Fujitsu World Tour 2016 Human Centric Innovation in Action Utrecht 13 June 2016 0 Copyright 2016 FUJITSU Mobilizing the Enterprise One size does not fit all powered by 1 Copyright 2016 FUJITSU Speaker
More informationADOPTING FIDO SearchSecurity
E-Guide SearchSecurity T he inability of passwords to keep online accounts secure has been recognized for quite some time, but the IT industry has struggled to establish a practical alternative. PAGE 2
More informationInteragency Advisory Board Meeting Agenda, Wednesday, April 24, 2013
Interagency Advisory Board Meeting Agenda, Wednesday, April 24, 2013 1. Opening Remarks 2. A Security Industry Association (SIA) Perspective on the Cost and Methods for Migrating PACS Systems to Use PIV
More informationBEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE
BEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE OUR ORGANISATION AND SPECIALIST SKILLS Focused on delivery, integration and managed services around Identity and Access Management.
More informationStrategies for the Implementation of PIV I Secure Identity Credentials
Strategies for the Implementation of PIV I Secure Identity Credentials A Smart Card Alliance Educational Institute Workshop PIV Technology and Policy Requirements Steve Rogers President & CEO 9 th Annual
More informationNatural Security Alliance
Natural Security Alliance Business model and pilot projects ITU 14 & 15 October 2014 Philippe'Batard' Batard&&&Partners' Summary Natural Security Alliance: an initiative from retailers and banks The solution
More informationFighting Fraud with Behavioral Biometrics and Cognitive Fraud Detection. IBM Security s Brooke Satti Charles on the Power of These New Capabilities
Fighting Fraud with Behavioral Biometrics and Cognitive Fraud Detection IBM Security s Brooke Satti Charles on the Power of These New Capabilities SPONSORED BY As fraudsters continually refine their techniques
More informationSecure Data Acquisition, Communication, and Processing for Your IoT Solutions
Secure Data Acquisition, Communication, and Processing for Your IoT Solutions Guidelines for Ensuring a Successful Implementation by Dr. Mihai Voicu, Chief Information Security Officer, Telit Contents
More informationCyber Security and Cyber Fraud
Cyber Security and Cyber Fraud Remarks by Andrew Ross Director, Payments and Cyber Security Canadian Bankers Association for Senate Standing Committee on Banking, Trade, and Commerce October 26, 2017 Ottawa
More informationIdentity Assurance Framework: Realizing The Identity Opportunity With Consistency And Definition
Identity Assurance Framework: Realizing The Identity Opportunity With Consistency And Definition Sept. 8, 2008 Liberty Alliance 1 Welcome! Introduction of speakers Introduction of attendees Your organization
More informationWho We Are! Natalie Timpone
Who We Are! Natalie Timpone Manager of Security Business Management Office Enterprise Security Awareness Manager Carmelo Walsh Security, Risk, and Compliance Security Awareness Subject Matter Expert Who
More informationA Practical Step-by-Step Guide to Managing Cloud Access in your Organization
GUIDE BOOK 4 Steps to Cloud Access Management A Practical Step-by-Step Guide to Managing Cloud Access in your Organization Cloud Access Challenges in the Enterprise Cloud apps in the enterprise have become
More informationIdentity Management: Setting Context
Identity Management: Setting Context Joseph Pato Trusted Systems Lab Hewlett-Packard Laboratories One Cambridge Center Cambridge, MA 02412, USA joe.pato@hp.com Identity Management is the set of processes,
More informationCISCO SHIELDED OPTICAL NETWORKING
CISCO SHIELDED OPTICAL NETWORKING Dr. Gaurav Kumar Jain Regional College For Education, Research and Technology Email: gaurav.rinkujain.jain@gmail.com Tarun Kumawat JECRC,UDML,College of Engineering Purabi
More informationPCI DSS Addressing Cyber-Security Threats. ETCAA June Gabriel Leperlier
Welcome! PCI DSS Addressing Cyber-Security Threats ETCAA June 2017 - Gabriel Leperlier Short Bio Current Position Head of Continental Europe Advisory Services at Verizon. Managing 30+ GRC/PCI/Pentest Consultants
More informationTwo-Factor Authentication over Mobile: Simplifying Security and Authentication
SAP Thought Leadership Paper SAP Digital Interconnect Two-Factor Authentication over Mobile: Simplifying Security and Authentication Controlling Fraud and Validating End Users Easily and Cost-Effectively
More information